Microsoft IIS7.5 DoS 0-day

I am including this entry because there is always the potential for memory corruption attacks to allow for code injection and complete compromise with the credentials or privileges of the attacked program.  SANS has reported that a 0-day exploit has been published at exploit-db (US-Cert advisory) against IIS 7.5’s FTP service, pre-authentication.  No patch is available, and Microsoft’s initial assessment is available here.

Advertisements